- Add constant time comparison for oauth signatures.
- Add UnexpectedStatusError class for http status errors that are not handled.
- Update issued_at correctly when it is set simultaneously with expires_in.
- Warn on EOL ruby versions.
- Fix DateTime normalization.
- Add RemoteServerError class for 5xx level errors.
- Allow to_json to be called with arguments
- Expires_in now sets and reflects current expires_at value
- Expires_within(0) now returns false when expires_at is nil.
- Restore support for Ruby 1.9.3
- Ensure the "expires_at" attribute is recalculated on refresh (chutzimir)
- Fix warnings on Ruby 2.4 (koic)
- Allow DateTime objects to be passed into attributes (foxtacles)
- Provide signature verification algorithm for compatibility with ruby-jwt 2.0 (jurriaan)
- Signet::OAuth2::Client#decoded_id_token can take a keyfinder block (mvastola)
- Fix timestamp parsing on 32-bit systems
- Fix expiration check when issue/expiry times are nil
- Don't assume Faraday form encoding middleware is present
- Fix an issue with date parsing
- No longer overwrite SSL environment variables.
- Tighten up date & URL (de)serialization for OAuth2 client
- Allow Hurley as a connection
- Allow scope as an option in
fetch_access_token!to request downscoped access tokens - Add expires_within(sec) method to oauth2 client to facilitate proactive refreshes
- Fix language warnings for unused & shadowed variables ((@blowmage)[])
- Update SSL cert path for OSX ((@gambaroff)[])
- Update JWT library and fix broken tests
- Fix incorrect parameter name in OAuth2 client docs ((@samuelreh)[])
- Fix symbolization of URL parameter keys ((@swifthand)[])
- Drop support for ruby versions < 1.9.3
- Update gem dependencies and lock down versions tighter
- Allow form encoded responses when exchanging OAuth 2 authorization codes
- Normalize options keys for indifferent access
- Allow Hash objects to be used to initialize authorization URI
- Added PLAINTEXT and RSA-SHA1 signature methods to OAuth 1 support
- Added client object serialization
- The
approval_promptoption no longer defaults to:force - The
approval_promptandpromptare now mutually exclusive.
- Switched to faraday 0.9.0
- Added
expires_atoption
- Minor documentation fixes
- Allow postmessage as a valid redirect_uri in OAuth 2
- Add support for assertion profile
- Added method to clear credentials
- Backwards compatibility for MultiJson
- Updated Launchy dependency
- Added OAuth 1 server implementation
- Updated Faraday dependency
- Attempts to auto-detect CA cert location
- Request objects no longer recreated during processing
- Faraday middleware now supported
- Streamed requests now supported
- Fixed assertion profiles; client ID/secret omission no longer an error
- Added audience security check for ID tokens
- Fixed a warning while determining grant type
- Removed requirement that a connection be supplied when authorizing requests
- Updated addressable dependency to avoid minor bug
- Fixed some documentation stuff around markdown formatting
- Added support for Google Code wiki format output when generating docs
- Replaced httpadapter gem dependency with faraday
- Replaced json gem dependency with multi_json
- Updated to OAuth 2.0 draft 22
- Complete test coverage
- Updated to incorporate changes to the Google OAuth endpoints
- Added support for JWT-formatted ID tokens.
- Added :issued_at option to #update_token! method.
- Lowered requirements for json gem
- Updated to keep in sync with the new httpadapter changes
- Added support for OAuth 2.0 draft 10
- Added support for a two-legged authorization flow
- Fixed issue with headers passed in as a Hash
- Fixed incompatibilities with Ruby 1.8.6
- Fixed bug with overzealous normalization
- Fixed bug with missing StringIO require
- Fixed issue with dependency on unreleased features of addressable
- Initial release